-
October 17th, 2003, 08:57 PM
#1
Registered User
Questions for any network/security admins
I log my PIX messages every day (have been for a long time now). Around the middle of August I started seeing about 10 meg log files (compared to 2-4 meg average) of mostly ICMP traffic. Has anyone else noticed a change like this or is someone just DDoSing me? I can't imagine that they are since traffic flows fine, so that would make it a pretty lame DDoS attack. Also, if it were a DDoS attack, where would be the best place to start to remedy it? FBI or the ISP first?
Danke
-
October 17th, 2003, 09:35 PM
#2
Banned
Go to www.GRC.com and use the tools there.
In fact, read up on the whole site.
Lots of invaluable info.
-
October 17th, 2003, 09:43 PM
#3
Registered User
Thanks, but I've read that. Given the way the newest round of viruses and hacks work, I think a lot of traffic is just coming from unpatched/unprotected machines, but I want to make sure.
The logs are from my PIX 515.
-
October 18th, 2003, 11:33 AM
#4
Registered User
I would bet on the viruses being the cause. When Blaster was making its rounds, port 135 was all I saw on our firewall.
Do you use a log analyser? Maybe it's time to get one. We use an older webtrends version. Don't know if it supports the PIX 515, but here is a log analyser that claims to support the PIX 515 log format.
And I have no experience with the PIX 515 or that log analyser, so take that advice for what it's worth.
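
As an added example (not posted by anyone in this thread), a small Python tally that answers the question raised above: per day, how many PIX messages are denied ICMP and how many distinct sources they come from. It assumes a "Mon DD hh:mm:ss host" syslog prefix and the message layouts of PIX messages 106014 and 106001; the log lines are constructed samples using documentation address ranges.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; real logs would be read from the syslog file.
SAMPLE_LOG = """\
Aug 10 04:11:09 fw %PIX-2-106001: Inbound TCP connection denied from 198.51.100.7/3342 to 192.0.2.10/135 flags SYN on interface outside
Aug 10 04:12:40 fw %PIX-3-106014: Deny inbound icmp src outside:203.0.113.5 dst outside:192.0.2.10 (type 8, code 0)
Aug 18 09:14:02 fw %PIX-3-106014: Deny inbound icmp src outside:198.51.100.7 dst outside:192.0.2.10 (type 8, code 0)
Aug 18 09:14:03 fw %PIX-3-106014: Deny inbound icmp src outside:198.51.100.23 dst outside:192.0.2.11 (type 8, code 0)
Aug 18 09:14:05 fw %PIX-3-106014: Deny inbound icmp src outside:203.0.113.5 dst outside:192.0.2.12 (type 8, code 0)
Aug 18 09:14:09 fw %PIX-3-106014: Deny inbound icmp src outside:203.0.113.77 dst outside:192.0.2.10 (type 8, code 0)
Aug 18 09:15:11 fw %PIX-2-106001: Inbound TCP connection denied from 198.51.100.7/3350 to 192.0.2.10/135 flags SYN on interface outside
"""

# Assumed prefix layout: "Mon DD <anything> %PIX-<severity>-<6-digit id>: <text>"
PREFIX = re.compile(r"^(\w{3}\s+\d{1,2})\s.*?%PIX-\d-(\d{6}): (.*)$")
ICMP = re.compile(r"icmp src \S+?:([\d.]+) dst \S+?:([\d.]+) \(type (\d+), code (\d+)\)")

def summarize(lines):
    """Per-day totals: all messages, ICMP denies, distinct ICMP sources, top-source share."""
    total = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not a PIX message in the assumed layout
        day, _msg_id, text = m.groups()
        day = " ".join(day.split())  # normalise "Aug  8" to "Aug 8"
        total[day] += 1
        icmp = ICMP.search(text)
        if icmp:
            sources[day][icmp.group(1)] += 1
    report = {}
    for day, n in total.items():
        per_src = sources[day]
        icmp_n = sum(per_src.values())
        top = per_src.most_common(1)[0][1] if per_src else 0
        report[day] = {"messages": n, "icmp": icmp_n, "icmp_sources": len(per_src),
                       "top_source_share": round(top / icmp_n, 2) if icmp_n else 0.0}
    return report

if __name__ == "__main__":
    for day, row in summarize(SAMPLE_LOG.splitlines()).items():
        print(day, row)
```

A rising ICMP count spread thinly across many sources is consistent with background noise from infected hosts, while a high top-source share points at a small number of senders worth reporting to the ISP.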